Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement public client application global cache #770

Merged
merged 6 commits into from Oct 23, 2020
Merged

Implement public client application global cache #770

merged 6 commits into from Oct 23, 2020

Conversation

cheenamalhotra
Copy link
Member

Fixes an issue where driver continues to prompt for credentials when requesting access token for AAD authentication, mainly visible when using Interactive authentication.

@cheenamalhotra cheenamalhotra added this to the 2.1.0-preview2 milestone Oct 22, 2020
@cheenamalhotra cheenamalhotra added this to In progress in SqlClient v2.1 via automation Oct 22, 2020
@karinazhou
Copy link
Member

Though the testing for this requires human interaction, can we have some comments or sample code somewhere about how to validate it manually?

@DavoudEshtehari
Copy link
Member

Assume that there are two active tokens with different access to two databases; The first token with index 0 in the accounts has access to database_1 and the second token has access to database_2.
In the next connection with the initial catalog = database_2 always we return the first token if we don't specify the user.
Maybe we need more data to pick the correct token.

@David-Engel
Copy link
Contributor

David-Engel commented Oct 23, 2020
edited

Assume that there are two active tokens with different access to two databases; The first token with index 0 in the accounts has access to database_1 and the second token has access to database_2.
In the next connection with the initial catalog = database_2 always we return the first token if we don't specify the user.
Maybe we need more data to pick the correct token.

The scope of the token is database.windows.net, not the specific database. So using the same token for two databases will be fine. The token identifies the user to the database and database ACL settings determine whether that user is authorized to access the database. There really should never be two tokens in the situation you described. The first token would have been provided when the second was requested from MSAL.

SqlClient v2.1 automation moved this from In progress to Reviewer approved Oct 23, 2020
@DavoudEshtehari

This comment has been minimized.

Sign in to view
@cheenamalhotra cheenamalhotra merged commit d65173b into dotnet:master Oct 23, 2020
SqlClient v2.1 automation moved this from Reviewer approved to Done Oct 23, 2020
SqlClient v2.1 automation moved this from Done to Reviewer approved Oct 23, 2020
@cheenamalhotra cheenamalhotra moved this from Reviewer approved to Done in SqlClient v2.1 Jan 6, 2021
@dependabot dependabot bot mentioned this pull request Mar 8, 2021
Closed
@dependabot dependabot bot mentioned this pull request Mar 8, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@johnnypham johnnypham johnnypham left review comments

@karinazhou karinazhou karinazhou approved these changes

@JRahnama JRahnama JRahnama approved these changes

@DavoudEshtehari DavoudEshtehari DavoudEshtehari approved these changes

@David-Engel David-Engel Awaiting requested review from David-Engel

Assignees
No one assigned
Labels
None yet
Projects
No open projects
SqlClient v2.1
  
Done
Milestone
2.1.0-preview2
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@cheenamalhotra @karinazhou @DavoudEshtehari @David-Engel @johnnypham @JRahnama